<?php
if('POST' != $_SERVER['REQUEST_METHOD']){
	header('Allow: POST');
	header('HTTP/1.1 405 Method Not Allowed');
	header('Content-Type: text/plain');
	exit();
}

function nocache_headers() {
	// why are these @-silenced when other header calls aren't?
	@header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
	@header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
	@header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
	@header( 'Pragma: no-cache' );
}
/**
 * 校验email
 */
function is_email($str){
	return preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/", $str);
}
/**
 * 校验网址 
 */
function is_url($str){
	return preg_match("/^http:\/\/[A-Za-z0-9]+\.[A-Za-z0-9]+[\/=\?%\-&_~`@[\]\':+!]*([^<>\"])
*$/", $str);
}
/**
 * 校验表单
 */
function check_form($author, $email, $url, $comment){
	if($author != '' && $email != ''){
		if(!is_email($email)){
			return false;
		}
	}else{
		return false;
	}
	return true;
}

nocache_headers();

$comment_author = trim(strip_tags($_POST['username']));
$comment_author_email = trim($_POST['useremail']);
$comment_author_url = addslashes(htmlspecialchars(trim($_POST['userwebsite'])));
$comment_content = trim(strip_tags($_POST['contents']));

if(isset($_SESSION['User_Name']))
{
	$comment_author = $user_info['F_USER_NICKNAME'];
}

$com_data = array();
$com_data['F_ID_BLOG_INFO'] = 1;
$com_data['F_ID_POSTS_INFO'] = $_POST['postid'];
$user_IP = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
$user_IP = ($user_IP) ? $user_IP : $_SERVER["REMOTE_ADDR"];
$com_data['F_COMMENTS_USER'] = $comment_author;
$com_data['F_COMMENTS_USER_IP'] = $user_IP;
$com_data['F_COMMENTS_USER_EMAIL'] = $comment_author_email;
$com_data['F_COMMENTS_USER_BLOG'] = $comment_author_url;
$com_data['F_COMMENTS_DATE'] = time();
$com_data['F_COMMENTS_CONTENT'] = $comment_content;
if(check_form($comment_author, $comment_author_email, $comment_author_url, $comment)){
	if($blog->insertData('ee_blog_comments', $com_data)){
		$blog->UpdatePostsComments($_POST['postid']);
		header("Location:{$_GET['ReturnUrl']}");
	}
}else{
	exit;
}
?>